News: VMwareGuruz has been  Voted Top 50 vBlog 2018. 

Cloud E2E

VMware NSX Event Logs Review

Have you raised a case with VMware supppot team? How many times you uploaded the logs to their portal? VMware Technical Support routinely request diagnostic information from you when a support request is handled. Today let’s look at available logs at NSX Product and which are helpful when you opened a case with VMware vendor. System Event Logs can be collected on vCenter, NSX Manager, NSX Controller, ESXi hosts and NSX Edge appliances. If you are using Syslog Server, then it is recommended that you specify the same syslog server for the NSX component and vCenter Server in order to get a complete picture when viewing logs on the syslog server.

 

Below reference table provides information on logs that are of importance to debugging various NSX Services. Refer to individual sections below for additional details and explanation on the log files.

NSX Logs Table

 

Log Rotation Schedule

NSX appliances retain log information according to the following log rotation schedule. The log rotation schedule is automatic and cannot be changed. The retention schedule is:

  • NSX Manager: vsm.log rotated after 200MB, max 10 files are retained. Files are compressed when stored.
  • NSX Controller: Log files rotated after 100MB, max 5 files are retained. Files are compressed when stored.
  • NSX Edge: All logs are stored in /var/log/messages, rotated after 2MB, with max of 5 files retained.

VMware recommends using syslog for long term retention of logs. All NSX components support syslog. Since the disk space on each appliance (NSX Manager, NSX Controller and NSX Edge) is limited by the VM size, the log rotation policy is primarily based on size (and not based on time).

 

NSX Manager – Tech Support Logs

NSX Manager reports SystemEvent for Logical Switch, Logical Router, Distributed Firewall and Edge Services. These logs can be access by downloading the Tech Support Log bundle. Tech Support logs can be manually downloaded from the NSX Manager Administration GUI at Home  Download Tech Support Log. This will generate a gzip file that can be downloaded for viewing/troubleshooting.

NSX Logs2

 

NSX Controller Logs via CLI

NSX controller is an advanced distributed state management system that controls virtual networks and overlay transport tunnels.The following commands can be used to access log files on the NSX Controller:

show logs

To view a log file          show log <log file name>

NSX Logs3

 

Hypervisor Logs

Accessing Hypervisor Logs locally on the host: NSX Component logs such as Distributed Firewall, netcpa, Distributed Virtual Switch, can be viewed locally on each ESXi host. List of log files related to NSX:

1. Distributed Firewall Packet logs can be found at /var/log/dfwpktlogs.log
2. Distributed Firewall UserWorld Agent logs: /var/log/vsfwd.log
3. netcpa (User world agent) logs can be found at /var/log/netcpa.log. This log file will contain messages regarding controller to host communication details.
4. Logical Switch (VXLAN), Distributed Logical Routing (DLR) and VMware Internetworking Service Insertion Platform (VSIP) Kernel module logs are available at /var/log/vmkernel.log. The Logical Switch related logs will be tagged with vxlan, the Distributed Logical Router related logs will be tagged with vdrb and the VSIP related logs will be tagged with vsip.
5. DVS logs are also available at /var/log/vmkernel.log

 

Source:      NSX-v Operations Guide

 

 

Related posts
Cloud E2EVMC on AWS

VMware Cloud Foundation 5.1 - Delivering key enhancements across Storage, Networking, Compute and Lifecycle management

Cloud E2EVMC on AWS

VMware Cloud on AWS (VMC) – SDDC Basic Operations

Cloud E2E

VMExplore 2022: VMware Aria Announcement (formerly vRealize Cloud Management)

Cloud E2E

vSphere Diagnostic Tool - Quick health checks via python script